Burp Suite User Forum

Intruder 503 Status error !

Rayan | Last updated: Jul 04, 2016 06:29PM UTC

Dears, Greetings. I kindly want to inform you that I am doing a test using Burp Intruder on my voice chat login. I have a voice chat that has a login form including username and password. I have Burp Suite Pro Edition, but unfortunately when I am using Intruder with the cluster bomb method and made the throttle 0, it's fast but returns 503 Server unavailable. The other way, to receive Status 200 = OK, is to make Intruder move slowly, but it will take 1 year to find the correct username and password. Is there a way to make a fast Intruder test without returning a 503 status error?

PortSwigger Agent | Last updated: Jul 05, 2016 07:36AM UTC

It sounds like this issue is specific to the application you are testing. Perhaps it cannot cope with the load of a fast automated attack, or perhaps there is an intentional defense mechanism that you are triggering due to the speed of your requests. The only thing you could consider doing in Burp is ensuring that each request happens in a different application session, in case the defense mechanism is implemented per-session. Otherwise, you might need to live with the rate limit.

Burp User | Last updated: Jul 05, 2016 09:30PM UTC

Dear, Greetings. Thanks for your prompt reply. Can you explain more about each request happening in a different application session? Because it might work. Thank you.

PortSwigger Agent | Last updated: Jul 06, 2016 08:01AM UTC

Try removing all cookies from the Intruder template request, so that it is handled in a new session. Assuming you know some valid credentials, you should verify that the request successfully detects the valid credentials before you use it for brute forcing.

Burp User | Last updated: Jul 06, 2016 06:41PM UTC

Dear Dafydd, Greetings. Thank you for your prompt reply and assistance. I kindly want to inform you that I did remove all cookies from the Intruder request, and I did try it on valid credentials. It works, but only if the throttle was slow. It seems my problem still exists; I am still getting the response below if it's fast throttling:

    HTTP/1.1 503 Service Temporarily Unavailable
    Server: nginx/1.6.2
    Date: Wed, 06 Jul 2016 18:31:06 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 212
    Connection: close

The first 20 tries (successfully checking id, pass) have the following response:

    HTTP/1.1 200 OK
    Server: nginx/1.6.2
    Date: Wed, 06 Jul 2016 18:32:16 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 771
    Connection: close
    Cache-Control: private
    Set-Cookie: ASPSESSIONIDASACSQST=OICGKMFCLJFHOOJAIBFMLBIA; path=/
    X-Powered-By: ASP.NET

So when I run Intruder to be fast, it has the first 20 checks working; afterward most of the checks have HTTP/1.1 503 Service Temporarily Unavailable. Removing cookies is not working. The request sent to Intruder is:

    GET /xxxx/chat.asp?uid=106001&pass=MTIzNDU2Nzg%3D&color= HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://149.xx.xxx.xxx/xxxx/voicechat.asp?uid=106001&pass=MTIzNDU2Nzg=
    Accept-Language: en-US,en;q=0.8,ar-SA;q=0.5,ar;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 149.xx.xxx.xxx
    Cookie: ASPSESSIONIDCQBCTRTT=IBBIKMFCHCHEPBKPHGJICIOE; ASPSESSIONIDASACSQST=NKBGKMFCBNLMAOENNAFLBIDH <<REMOVED THIS COOKIE BUT STILL GETTING 503
    Connection: close

How can I avoid 503 Service Temporarily Unavailable, in order to proceed with the username, pass checks?

PortSwigger Agent | Last updated: Jul 07, 2016 07:48AM UTC

Ok, so it sounds like the application is either deliberately throttling login requests by triggering this error if the rate is too fast, or is becoming unintentionally unresponsive due to being overloaded. In this situation, you might just need to accept the need to work slowly.

Burp User | Last updated: Jul 17, 2016 07:49PM UTC

Dear Dafydd, Greetings. Is there any way to make the throttle requests come from multiple IPs, for example every 20 throttle tries come from an IP, the second 20 throttle requests come from another IP, and so on? Please inform me if this is possible. Thank you.

PortSwigger Agent | Last updated: Jul 18, 2016 10:51AM UTC

There isn't a way to do this, sorry. Burp's requests will come from the default IP address on your network interface.
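
The pattern reported in this thread (about 20 responses with 200, then 503 whether or not cookies are sent) is consistent with a server-side throttle that is not keyed on the session. As an added illustration, not code from the thread or from the application being tested, here is a sliding-window login throttle keyed on client address and target account; the class name, the limit of 20 attempts per 60 seconds and the sample traffic are assumptions constructed for the example.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter keyed on client address and target account.

    The session cookie is deliberately not a key, so discarding cookies
    does not reset the counters. Limit and window are assumed values.
    """

    def __init__(self, limit=20, window=60.0):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # key -> timestamps of accepted attempts

    def _over(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # drop attempts outside the window
            q.popleft()
        return len(q) >= self.limit

    def check(self, client_ip, uid, now):
        """Return the status to send for one login attempt at time `now`."""
        keys = [("ip", client_ip), ("uid", uid)]
        if any([self._over(k, now) for k in keys]):
            return 503
        for k in keys:
            self.hits[k].append(now)
        return 200


def replay(events):
    """Run (time, client_ip, uid, cookie) tuples through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.check(ip, uid, t) for t, ip, uid, _cookie in events]


# Constructed sample traffic (documentation addresses, made-up account name).
BURST = [(i * 0.1, "198.51.100.7", "alice", None) for i in range(30)]
SLOW = [(i * 5.0, "198.51.100.7", "alice", None) for i in range(30)]
SPREAD = [(i * 0.1, f"203.0.113.{i}", "alice", None) for i in range(30)]

if __name__ == "__main__":
    for name, events in (("burst", BURST), ("slow", SLOW), ("spread", SPREAD)):
        statuses = replay(events)
        print(name, statuses.count(200), "x 200,", statuses.count(503), "x 503")
```

In the SPREAD case the per-address counters never fill, but the per-account counter does, which is why a login throttle should track the targeted account as well as the source address.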
